Site to site VPN - can not ping from one end.
01-20-2017 01:54 PM
We have recently established a site-to-site VPN.
The issue is that from the remote end, ping is responding fine, but I could not ping the remote end's local network.
I assume that if ping is working fine from one side, the VPN is okay and it is just a matter of firewall rules?
Please advise.
01-20-2017 02:52 PM
Hi!
I don't know what your network scheme is, but if it is something like: ComputerA---RouterA<--->RouterB---ComputerB, and you can ping from RouterA to RouterB but not from ComputerA to ComputerB, it could be because of your firewall. Windows firewall rejects incoming ICMP packets by default. You can check if you are receiving the ping using Wireshark at the ends of the network. Another cause among hundreds could be NAT. Check carefully what traffic is going through NAT in the routers (A and B). NAT is done before IPsec crypto maps, and that would keep traffic from entering the VPN.
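The NAT point in the reply above, as an added example that is not part of the original post: a Cisco IOS configuration sketch in which the overload NAT ACL is first too broad and then corrected, so site-to-site traffic keeps its private source address and still matches the crypto ACL. All subnets, names, the peer address and the interface are constructed for illustration, and the IKE phase 1 policy and pre-shared key are assumed to be configured already.

```ios
! Constructed values (assumptions, not from the thread):
!   LAN-A 192.168.10.0/24, LAN-B 192.168.20.0/24,
!   outside interface GigabitEthernet0/0, remote peer 203.0.113.2.
!
! Crypto ACL: the traffic the crypto map is expected to protect.
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
crypto map S2S 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address VPN-TRAFFIC
!
! BEFORE (problem): every packet from LAN-A is translated to the
! outside address. NAT runs before the crypto map check, so the
! packet no longer has a 192.168.10.x source, fails to match
! VPN-TRAFFIC and leaves the router unencrypted.
!
! ip access-list extended NAT-TRAFFIC
!  permit ip 192.168.10.0 0.0.0.255 any
!
! AFTER (fix): exempt LAN-A to LAN-B traffic from NAT first,
! then translate everything else bound for the internet.
ip access-list extended NAT-TRAFFIC
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
!
ip nat inside source list NAT-TRAFFIC interface GigabitEthernet0/0 overload
!
interface GigabitEthernet0/0
 ip nat outside
 crypto map S2S
```

To check the result, `show ip nat translations` should list no entries toward the remote LAN, and the encaps and decaps counters in `show crypto ipsec sa` should both increase while pinging across the tunnel.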
01-21-2017 12:16 PM
Thanks
Computer A can ping Computer B. But Computer B cannot ping Computer A.
I just want to make sure that it is not a VPN-related issue, as Comp A can ping Comp B.
Isn't it something other than the VPN, maybe the firewall?
01-21-2017 12:37 PM
Is computer A a Windows machine? If yes, is the Windows firewall turned off, or at the very least ICMP allowed in Windows firewall?
Also, check the firewall rules to see if ICMP is allowed from computer B to computer A.
--
Please remember to select a correct answer and rate helpful posts
04-19-2018 02:18 PM
01-20-2017 03:15 PM
Is this an ASA or an IOS-based product? Can you share more details of your configuration?
If it is an ASA, you can use the "Packet Tracer" feature which allows you to execute a "what if" traffic scenario with detailed information on where the traffic dropped, or if it should be successfully passed through the firewall (and in what manner).
01-21-2017 12:21 PM
On my end it is a Cisco router, but the other end is, I think, Juniper.
01-21-2017 12:45 AM
Has the other end applied any inspection?
01-21-2017 12:19 PM
Thanks,
I am not sure, I am doing only one end.
01-21-2017 07:54 AM
What type of devices are used for setting up the s2s tunnel (ASA, router)? What device are you pinging from on your local network? Which IP is replying to ping: is it an IP across the VPN or is it the public IP of the remote end?
Also, could you post a network diagram so we understand what devices are involved and how they are connected in relation to each other?
--
Please remember to select a correct answer and rate helpful posts
